Academic Catalog

ACTG 55: INFORMATION SYSTEMS & CONTROLS (ISC)

Foothill College Course Outline of Record

Foothill College Course Outline of Record
Heading Value
Effective Term: Summer 2025
Units: 5
Hours: 5 lecture per week (60 total per quarter)
Prerequisite: ACTG 1A or 1AH.
Degree & Credit Status: Degree-Applicable Credit Course
Foothill GE: Non-GE
Transferable: CSU
Grade Type: Letter Grade (Request for Pass/No Pass)
Repeatability: Not Repeatable

Student Learning Outcomes

  • Explain the IT audit and advisory services, SOC engagements and the management of financial information.
  • Explain business processes and internal controls, risks associated with IT and controls, and data management relationships

Description

This course focuses on information systems, information technology governance and risk assessment, processing integrity and tests of controls, availability, confidentiality and privacy, SOC engagements, use and management of data, and information security and protection of information assets.

Course Objectives

The student will be able to:

  1. Explain information technology (IT) governance and strategy, and demonstrate overall awareness of IT standards
  2. Explain basics of assurance-related research and techniques
  3. Explain IT systems, controls, and resources; identify risks to information systems and the organizational risk appetite
  4. Demonstrate awareness of IT risks and their related business impact
  5. Identify IT control frameworks
  6. Identify IT control activities (ITGC)
  7. Identify and evaluate appropriate application controls
  8. Explain IT change management risks and processes
  9. Recognize the basics of cybersecurity and risk management
  10. Analyze and evaluate the flow of transactions in a system interface diagram to identify risks
  11. Determine logical access controls and prepare results of appropriate tests of security
  12. Perform tests and report on the results of change management controls
  13. Design appropriate tests of the application controls related to business processes
  14. Identify additional procedures needed to obtain sufficient appropriate evidence due to data analytic procedures
  15. Recognize the basics of SOC engagements and SOC reports
  16. Identify scope considerations for the SOC engagement and complementary controls
  17. Perform SOC engagement procedures
  18. Explain SOC reports, considerations, exceptions, and distribution
  19. Recognize the basics of a data governance program
  20. Identify basics of data extraction, preparation, and manipulation
  21. Identify and define information security and privacy frameworks and their associated risks
  22. Recognize the basics of business resiliency
  23. Recognize the basics of business continuity

Course Content

  1. IT governance and risk assessment
    1. IT governance, strategy, and standards
    2. Assurance-related research
    3. Business processes and the design of IT internal controls
    4. IT risk identification and assessment
    5. IT control frameworks
    6. IT general controls (ITGC)
    7. Application controls
    8. IT change management
    9. Cybersecurity risk management
    10. System interfaces/flow of data
  2. Performing procedures, tests of internal controls
    1. Logical access controls
    2. IT change management
    3. Tests of internal controls related to business processes
    4. Sufficient appropriate evidence: specific matters that require special consideration
  3. SOC engagements
    1. Basic concepts
    2. SOC engagement: planning
    3. SOC engagement: performing procedures
    4. SOC engagement: reporting
  4. Use and management of data
    1. Data governance
    2. Data preparation/manipulation
  5. Information security and protection of information assets
    1. Information security and privacy frameworks, and standards
    2. Business resiliency
    3. Business continuity

Lab Content

Not applicable.

Special Facilities and/or Equipment

1. Access to spreadsheet, word processing, and presentation software.
2. When taught as an online distance learning section, students and faculty need reliable and ongoing internet (Java-enabled) and email access.

Method(s) of Evaluation

Methods of Evaluation may include but are not limited to the following:

Quizzes
Exams
Class participation
Homework
Assignments requiring the use of general ledger software, spreadsheet, word processor, and presentation applications, such as QuickBooks, MS Excel, MS Word, and MS PowerPoint, respectively
Team projects
Research assignments
Case study analysis
Oral and/or written presentations

Method(s) of Instruction

Methods of Instruction may include but are not limited to the following:

Lecture
Electronic discussions
Group work
Case studies

Representative Text(s) and Other Materials

Gleim, Irvin N., Garrett W. Gleim, and William A. Hillison. Gleim CPA Information Systems & Controls (ISC). 2024.

Romney, Marshall B., Paul J. Steinbart, Scott L. Summers, and David A. Wood. Accounting Information Systems, 16th ed.. 2023.

Arens, Alvin A., Randal J. Elder, Mark S. Beasley, and Chris E. Hogan. Auditing and Assurance Services, 18th ed.. 2023.

Types and/or Examples of Required Reading, Writing, and Outside of Class Assignments

  1. Students will be expected to read approximately 40 pages per week, in addition to completing associated assignments for an estimated total of 10 hours out-of-class commitment per week
  2. Applying basic Excel commands to prepare financial statements, bank reconciliation, budgets, and accounting reports
  3. Reading of corporate annual reports
  4. Writing assignment responding to questions related to the corporate annual reports of publicly-held corporations
  5. Written research paper and/or project
  6. Reading of internet articles and writing on accounting topics or accounting-related current events and/or careers
  7. Reading Wall Street JournalBusiness Week, and Fortune

Discipline(s)

Accounting